
New Years$

join:2001-12-20

TEMPEST ATTACK MYTH

Spooky, eh? Then think about THIS:

TEMPEST stands for Transient Electromagnetic Pulse Standard.

It's electromagnetic radiation "leaking" from every piece of electronic equipment. Including your desktop PC... We are used to thinking that spying is something that you do with hidden cameras, microphones or sneaking into someone’s office. Well, maybe we should start to think otherwise. Snooping information from your computer is basically speaking much, much easier.

TEMPEST attacks are most easily done by analyzing the electromagnetic radiation from your monitor (usually). With a kind of phased array antenna & a few electronic components it is possible to "see" what you see on your computer screen... But as an exception that it can be done from across the street and there’s absolutely no way you can know whether or not you are targeted by TEMPEST. This makes it a very powerful way to do some serious espionage. This is the technique that some television licence inspectors use when they need to verify that some person is using television without paying the license fee.

»www.markusjansson.net/ewhybother.html

____________________________________________________________

The above information is false and misleading. There is no such thing as a TEMPEST ATTACK.

Tempest is Electronic and electromechanical information-processing equipment can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST.

This has led to a Standard detailed in Specifications for Testing electronic equipment spurious emissions adopted by various groups to manufacture and sell a quality product that in turn is acceptable to those groups who have adopted that standard for the well being and protection of the user.

Another Standard detailed in Specifications for Testing electronic equipment is called EMI Testing. EMI is basically Electro-Magnetic Interference. All electronic equipment is susceptible to some degree or other to this interference and these specifications detail the Vulnerability of the Manufactured equipment.

EMI CAN be INTENTIONAL intelligence-bearing emanations. This is defined as Directed ATTACK. When it does not carry intelligent information it is defined as a Distributed ATTACK.

This clarification is presented for information purposes and is neither a directed nor distributed attack on the Author.

This is an example of the work being done by people who are knowledgeable about both of these subjects....
»www.eng.warwick.ac.uk/DTU/mines/people.html

With that, I wish you all a Merry Christmas with my hope for Peace and Goodwill to All men/women on this Earth.


wheelert$93
T L C
ExMod 2002
join:2000-06-01
Lynden, ON

Old stuff. Although the terminology isn't really correct, the general information presented IS correct. It is possible to pick up the signals coming from your system. Quite easy to do actually.
--
Heaven doesn't want me and Hell is afraid I'm going to take over.


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to New Years$
Yeah, wheelert is correct, as far as I know.
I first saw a graphic demonstration of the so-called TEMPEST vulnerability back in the very early 80s. Someone took the shielding off a TEMPEST-approved word processor (I think it was a Lexitron) and we sat there and looked at the suitcase that was picking up and displaying the information on the screen about twenty feet away.
Two things:
First, this was an intercept capability, not an attack capability (which, of course, is why certain very expensive dedicated word processors such as Lexitron, Lanier, Wang, CPT, Xerox, etc., produced TEMPESTed versions for use in highly sensitive environments. (Hmm, where did they go? I know, because I was there when it happened! )
Second, the machines from that era were so noisy that you really couldn't count on running a simple TV within about 20 feet of them! That noisiness problem, of course, has long been resolved by FCC standards (believe I got that right?) I'm sure detection equipment has also improved in the interim, but it's still not gonna be cheap. And, IIRC, the major radiators were unshielded cabling between the system box and the monitor, keyboard, external modem, etc.)
--
Regards,
Joseph V. Morris

New Years$

join:2001-12-20

(Hmm, where did they go? I know, because I was there when it happened! )
»www.nsa.gov/isso/bao/tempest1/link.htm

They are all over the world and the mainstay of every CSSU, Combat Service Support Unit, and they are now called "hardened Systems".


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

 reply to New Years$
Whatta ****?!?

So what does this mean then?
»www.eskimo.com/~joelm/tempest.html
"In the civilian world, you'll often hear about TEMPEST devices (a receiver and antenna used to monitor emanations) or TEMPEST attacks (using an emanation monitor to eavesdrop on someone). While not quite to government naming specs, the concept is still the same."

I prefer writing with a language that people reading my site understand, meaning I would rather use something like:
- "TEMPEST protection" about protecting against this attack
- "TEMPEST attack" about making this attack
Rather than using techno-blahblahblah which 99% of users don't understand and don't bother to understand.

One clear error I have noticed though which must be due to my terrible English:
"TEMPEST stands for Transient Electromagnetic Pulse Standard." SHOULD say "TEMPEST stands for Transient Electromagnetic Pulse EMANATION Standard".

But instead of "pointing out" minor bugs about my site in the public forum, how about emailing me and telling me about them? I think that is the usual way of doing things...
--
My privacy related homepage & PGP keys:»www.markusjansson.net

New Years$

join:2001-12-20
reply to wheelert$93
Re: TEMPEST ATTACK MYTH

It is possible to pick up the signals coming from your system. Quite easy to do actually.

What Signal are you talking about?
What do you mean "Quite easy to do actually"?

What are your references?


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to New Years$
said by New Years:
(Hmm, where did they go? I know, because I was there when it happened! )
»www.nsa.gov/isso/bao/tempest1/link.htm

They are all over the world and the mainstay of every CSSU, Combat Service Support Unit, and they are now called "hardened Systems".
Surely, not those old TEMPESTed word processors! Hell, by 1984 I could have given you a TEMPESTed PC for about a third the price that used non-proprietary OSs and would run standard COTS available at a fraction of the cost!
--
Regards,
Joseph V. Morris


wheelert$93
T L C
ExMod 2002
join:2000-06-01
Lynden, ON
reply to New Years$
My references?? 20 years of military communications security, including TEMPEST.
--
Heaven doesn't want me and Hell is afraid I'm going to take over.

New Years$

join:2001-12-20

So what is TEMPEST?

TEMPEST is the name of a technology involving the monitoring (and shielding) of devices that emit electromagnetic radiation (EMR) in a manner that can be used to reconstruct intelligible data. The term’s origin is believed to simply be a code word used by the U.S. government in the late 1960s, but at a later stage it apparently became an acronym for Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. Some sources insist that it is an acronym for Transient Electromagnetic Pulse Emanation STandard.

»www.sans.org/infosecFAQ/encrypti···PEST.htm

James Atkinson, a telecommunications engineer specializing in the field of technical surveillance countermeasures (TSCM), and president of Granite Island Group (a company specializing in doing communications security work for government and defense contractors) has worked with TEMPEST for 20 years. TEMPEST is not a spying technology, he says, and anyone who says otherwise is either lying or misinformed. He says that the reason today’s PCs are shielded is not to prevent their emanations from being intercepted, but to keep their electronic "noise" from leaking out and interfering with other electronic devices, such as radios and TVs. While sneaking a peek at what’s on someone’s computer screen from a distance is theoretically possible, Atkinson says, it is very difficult to do, extremely costly and impractical.


wheelert$93
T L C
ExMod 2002
join:2000-06-01
Lynden, ON
Not difficult, and can be done with parts picked up from Radio Shack. All I'll say on the matter.


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland


 reply to New Years$
said by New Years:
While sneaking a peek at what’s on someone’s computer screen from a distance is theoretically possible, Atkinson says, it is very difficult to do, extremely costly and impractical.
OK. Consider I want to spy on FBI or some other high-profile place. Or Nokia office. Whatever.

Which one is the best way to go:
1. Break inside with AR:s, shooting all guards and perhaps getting in and killed.
2. Sneak inside and try to fool hightech security, security guards and fellow workers so you can get some documents.
3. Pick up a few gizmos, park your car in the parking space nearby and get your antennas ready.
(4. Hire some hacker to break into their databases, shutdown antivirus, firewalls etc. and get the info you want)

--
My privacy related homepage & PGP keys:
»www.markusjansson.net

[text was edited by author 2001-12-21 20:36:11]


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

 reply to wheelert$93
Re: wheelert

said by wheelert:
Not difficult, and can be done with parts picked up from Radio Shack. All I'll say on the matter.
How about the other way around? I mean, I know how to prevent that somehow (difficult, costly, etc.) but are there any good, easy and cheap solutions? Metallic cage around your computer room? What would you recommend?
--
My privacy related homepage & PGP keys:»www.markusjansson.net


wheelert$93
T L C
ExMod 2002
join:2000-06-01
Lynden, ON


reply to jansson_mark
Re: TEMPEST ATTACK MYTH

Actually, option 2 would be easiest. You have to be closer than the parking lot for option 3 to work.

1. Yes, TEMPEST exists. Yes, we in the military take it fairly seriously.
2. Can I sit a couple of hundred yards away and pick stuff up? Ummmmmmmmmmmm, no.
3. Can I weasel access to a building and set up something closer? You bet! Now we're cooking with gas and I'm going to get some interesting stuff.
4. Is this something JQ Public needs to worry about? No. Your information isn't worth it. Sorry. It just isn't.

Edit -- Markus, separation and distance is the key.. Yeah, you could build a huge shielded enclosure for mega bucks, but what do you have then? One hell of an expensive room that you really didn't need to begin with.

--
Heaven doesn't want me and Hell is afraid I'm going to take over.

[text was edited by author 2001-12-21 20:44:00]


jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland

 Re: wheelert

said by wheelert:

4. Is this something JQ Public needs to worry about? No. Your information isn't worth it. Sorry. It just isn't.
Are you suggesting that my 4Gb collection of premium German **rn isn't worth it? How dare you!

No seriously, if you can do it with a few radiotech components, how difficult/expensive can it be? Well, if you can either drill a hole into the wall and install a camera rather than set up this monitoring equipment...
--
My privacy related homepage & PGP keys:»www.markusjansson.net

New Years$

join:2001-12-20

reply to wheelert$93
Re: TEMPEST ATTACK MYTH

One could not pick up the noise of a leaky capacitor in a PC power supply with the parts from Radio Shack much less any intelligent data.

My Reference??? 30 years experience of testing, designing, and fielding that equipment including help drafting the current Spec which, by the way, is no longer Tempest. That is why your statement that this is "old stuff" is correct.


gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA

reply to New Years$
We're getting into semantics, here. The page at NSA is a list of suppliers whose products meet the level I TEMPEST standards set out in NSTISSAM TEMPEST/1-92, Compromising Emanations Laboratory Test Standard, Electromagnetics, dated 15 December 1992. TEMPEST refers to a standard of protection from electromagnetic emanations. It does not refer to electromagnetic emanations, themselves. Those are called, generally, "electromagnetic emanations." The NSA has deemed fit to promulgate a standard, and go so far as to create an advisory commission on TEMPEST standards, and the clearinghouse for information regarding the standards for one reason: they are the U.S. government's signals intelligence agency, and are charged with keeping the information infrastructure of the government secure. They perceive electromagnetic emanations as a real security issue. The standards are to encourage (ah, that is, "mandate") that military and intelligence computers meet certain minimum standards to contain electromagnetic emanations... so, that said, it is perfectly accurate to say "TEMPEST" itself is not a proper noun referring to an exploit. TEMPEST is actually used generically to refer to a standard adopted as a countermeasure program, not an exploit.

The exploit is to capture ambient electromagnetic emanations from various computer and network components, and render them remotely in user-readable form. It's a real exploit. It's not a figment of anyone's imagination. It's as old as radio wave communications, too. It is correct, also, that electromagnetic shielding in computer components on the consumer market are shielded for two reasons, one, to prevent interference with each other, and, two, to meet FCC standards for not destroying communications signals for a 2 block radius... but in a secure facility, the third reason is to prevent compromising capture of data... the bottom line is that the equipment is cumbersome, and while it's easy to build, a hobbyist wouldn't be able to build it very small, or very concealable, nor could he get much range. Nor would the home rolled one be extremely discriminating. The victim, who would already be wondering why the laundry truck was parked directly in front of his window, might just flip on the TV set beside the computer and send the fellow garbage, depending on how skillful he was in electrical engineering. I saw one of the homerolled ones, and it was as big as a console TV set... built by an engineer, with the only requirement being he used only Radio Shack type parts... it worked, if I could believe the report, but wasn't a real killer crack, since it had to be in close proximity to the source, and it was very undiscriminating, if anything else was in the area. Just checked out the pics and scanned the article ages ago, so that was all I remembered accurately enough to repeat...

Now, in international espionage, I would expect that the enemy would have the resources at his disposal to pay big money for miniaturization and specialization, and might have a government lab helping, so NSA is right to be concerned... we would be candidates for a tinfoil hat if we got altogether too concerned, ourselves. Either that or up to something they would have to kill us for after we finished, anyhow. Well to note that not just monitors, but hard drives, network cards and cables, and all sorts of things give off EMR... it's not limited to screen capture, by any means, and the devices for those types of exploit, I assume, would be quite different from the ones that capture monitor activity...

What Wheelert said, in other words --- but, with the qualification that the point of the NSA "TEMPEST" research is protection from the exploits and compromises... they don't have to build a program to develop techniques for it... any competent electrical engineer could probably slap together a workable device to capture the emanations... the only challenges would be processing the information and displaying the data in readable form ...

All that said, the technology is a lot more likely to be encountered in a military-high intrigue environment than anywhere else... although it could be done, it's usually a lot easier to get the info other ways. Capturing ambient EMR is the course of last resort, where there's no practical physical way of intercepting the data, at least, without detection.
--
"Arm yourselves, and be ye men of valour, and be in readiness for the conflict; for it is better for us to perish in battle than to look upon the outrage of our nation and our altar." - Sir Winston Churchill


Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON

Host:
Security Product V..
Security
 reply to New Years$
said by New Years:
James Atkinson:... TEMPEST is not a spying technology, he says, and anyone who says otherwise is either lying or misinformed. He says that the reason today’s PCs are shielded is not to prevent their emanations from being intercepted, but to keep their electronic "noise" from leaking out and interfering with other electronic devices...
I'm sorry but that is definitely a false statement. In order to prove my point I need to give you a short History and background as to what CSE is and then I'll get back to this point.

CSE (The Communications Security Establishment) is Canada's top-secret spy agency. Watching movies like True Lies that suggest there is an ultimate spy agency - beyond the CIA in the United States, one begins to wonder. This agency is so secret, its mere existence was not admitted until 1983 - thirty seven years after it was created! CSE is Canada's national Signals Intelligence (SIGINT) organization. In 1947, the CSE took on the additional responsibility of serving as the Canadian Government's communications-electronic security (COMSEC) agency. The latter responsibility is now listed as the somewhat broader category, Information Technology Security (INFOSEC). By the way the official mandate of CSE to this day is top secret and not known to the public.

A long while back CSE started creating a series of security requirements for Security ranging from hardware to software to the kitchen sink which later on was named "The Common Criteria" or CC in short. This eventually became a joint project between Canada, France, United Kingdom, The Netherlands, Germany and United States in fact two departments in US, NSA and NIST (National Institute of Standards and Technology (Computer Security Division)). The common Criteria is what is being used by all those Governments to evaluate the Security of anything that is used in a Secret Government organization from the Army to intelligence or any company that works directly with or under them. Anything that passes CC tests by CSE is automatically accepted by NSA without further examinations.

They also created CEM which is basically another rule book as how one should go through the first rule book (CC). A copy of CEM can be found here in pdf format. You can also find one of their many guidelines named A Guide to RISK ASSESSMENT AND SAFEGUARD SELECTION for Information Technology Systems. in pdf format. And I quote:
quote:
The threat agent mounting this type of attack requires the right type of monitoring equipment to intercept electromagnetic emissions. Attacks range from analyzing direct radiation from visual display units traveling through free space, to tapping into secondary conductors (for example, power lines) that might carry signals bearing information, to acoustical monitoring and analyzing the sounds of certain types of equipment. The known attacks have focused on military targets and foreign missions. There is no reason why such attacks would be limited to these areas; considering general increases in technical capability and shifts in the targeted assets by foreign intelligence services to include industrial and economic espionage. It should be noted that attackers utilizing this attack have sometimes resorted to the planting of clandestine transmission devices within IT systems to enhance the range of signals that can be detected; this type of attack typically implies collusion with repair or supply facilities or cooperation with an insider.
And here's the answer to James Atkinson when he said the measures are only to keep the noise down:
quote:
The component of COMSEC, with which the term TEMPEST is associated, which consists of all the measures taken to deny unauthorized interception and analysis of compromising emanations from crypto-equipment, information processing and telecommunications equipment.
And here's a quote from their NETWORK SECURITY, Analysis and Implementation.
quote:
They deal also with TEMPEST technology which prevents unauthorized individuals or systems from intercepting and compromising electromagnetic emanations coming from the network components. TEMPEST equipment is normally used to secure top secret information and extremely sensitive designated information based on a TRA.
Last but not least I always believed CSE should have had its own thread because their site is a wealth of information regarding just about anything security related. They have a comprehensive list of every equipment that has passed CC requirements from Network cards to Routers. Although the firewall list is very short I'm afraid. There's been only one firewall that has ever been able to pass the common criteria in History of all firewalls. Black Hole. Here's their site. Using the search option you can find a huge amount of Security information mostly in PDF format.
--
You can catch the Devil, but you can't hold him long.

New Years$

join:2001-12-20

This thread and subject is about Tempest Attack. There is no such thing. All that you have presented proves that, except your quote with the incomplete sentence.
___________________________________________________________
quote:
The component of COMSEC, with which the term TEMPEST is associated, which consists of all the measures taken to deny unauthorized interception and analysis of compromising emanations from crypto-equipment, information processing and telecommunications equipment.
___________________________________________________________
This is not a complete sentence. I have no idea where you got it, but maybe if you presented the whole Paragraph it might shed some light on what was really said, for it does not prove there is such an animal as a TEMPEST ATTACK.

____________________________________________________________
quote:
They deal also with TEMPEST technology which prevents unauthorized individuals or systems from intercepting and compromising electromagnetic emanations coming from the network components. TEMPEST equipment is normally used to secure top secret information and extremely sensitive designated information based on a TRA.
____________________________________________________________

This is a true statement and is exactly, no more no less what TEMPEST is all about.

So let's get back to the subject and the reason for this post.

Define in a sentence or paragraph a TEMPEST ATTACK.

James Atkinson's statement is true, every word of it.

The write up you present on the CSE and their interface with other agencies contains some inaccuracies as to dates, international responsibilities, and organizational agreement.
But to discuss that or anything associated with COMSEC is classified.

Your purpose of bringing it to this thread can be best summed up with your own statement...."Last but not least I always believed CSE should have had its own thread because their site is a wealth of information regarding just about anything security related."

I totally agree with that statement. I hope that you can accomplish that. I certainly would support it, for out of that group would come responsible journalism that would trickle down to even a Security Forum for the general public.

Knowledge is a very powerful tool. That is why a myth exists that there is a term called TEMPEST ATTACK but I see that your goal here seems to perpetuate it.

So now I still would like to hear anyone's definition without playing a game with it.


Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON

Host:
Security Product V..
Security
 
said by New Years:
This is not a complete sentence. I have no idea where you got it, but maybe if you presented the whole Paragraph it might shed some light on what was really said...
Hmmm... I thought I did. Perhaps if you read the post more carefully you'd see the link to the full document.
said by New Years:
... it does not prove there is such an animal as a TEMPEST ATTACK.
Interesting, then perhaps you should read the bold part in the first quote where it states: "The known attacks have focused on military targets and foreign missions. There is no reason why such attacks would be limited to these areas;..."
said by New Years:
So now I still would like to hear anyone's definition without playing a game with it.
It seems to me that you are the one playing games. I simply tried to mention that if organizations like CSE or NSA believe such a threat exists and spend a lot of money trying to protect themselves there must be something to it. I believe people in this thread have stated their opinions based on their experiences, studies or documented facts and it seems to me that you have chosen to believe what you believe. I don't see anything wrong with it. You are entitled to your opinions and so are the rest of the people in this thread and so is Markus. I don't see anything wrong with what he's stated on his site. I don't think most people in this thread see anything wrong with it either.

So as far as I'm concerned, I'm done playing the game. You are more than welcome to continue if others are willing to play.
--
You can catch the Devil, but you can't hold him long.

spy1$

join:2001-10-06
Clover, SC

reply to New Years$
New Years - Read about Tempest quite some time ago, but always figured that if they were THAT intent on getting your stuff (and had to get that close, anyway), they'd simply come as telephone/cable repairmen and just put a relay/transmitter on your line and get everything. Much more cost-effective, less neighborhood-alarming (no black vans constantly circling the block with a satellite dish pointed at your house ).

Personally, if I were going to worry about things, I'd worry more about them waiting for you to go shopping, doing a search of your house and implanting a hardware keystroke logger (inside the computer case or inside the keyboard itself) on the way out the door (since they don't have to notify you of the search anymore and since it's now so incredibly easy for them to obtain 'permission' to bug you).

Of course, my computer resides in my bomb/nuclear attack/tornado/biological warfare/SWAT team shelter (12 ft. under the house, reachable only by moving the items under the kitchen cupboard in a specific order - nasty, NASTY consequences for moving one out of sequence!) and its connection is via tunneled, lead-sheathed cable that runs off my neighbors' satellite dish (he's a nice guy, but clueless - "It keeps switching satellites all by itself!" says he), so perhaps I shouldn't comment any further on this one.

I think everyone should make an attempt to live out in the middle of the boonies - strangers stand out like sore thumbs, and if you call your neighbors and tell them you've got an intruder (HOT DAMN!) it sounds like a thunderstorm from the sound of all those gun-cabinet doors hitting the wall and all those pick-up trucks starting up, lightbars ablaze, as the NRT (Neighborhood Response Team) swings into action.

But I digress. Merry Christmas! Pete
--
Compaq Presario 7110US, 1.3GHz AMD Athlon, 256MB PC2100 DDR RAM, 60GB HD, WinMe, IE5.5 w/SP2, NS4.7, Opera 5.12. Internet mod @ »www.suggestafix.com/cgi-bin/foru···oard.cgi and »www.wilders.org/forums.htm